DevSecOps Engineer

Stelle nicht auf LinkedIn

🕒 vor 2 Monaten

⛰️ Colorado, Montana, +2 weitere Bundesländer – Remote

⛰️ Colorado – Remote 🦬 Montana – Remote 🍁 Vermont – Remote 🦬 Wyoming – Remote

💵 $160.000 / Jahr

⏰ Vollzeit

🟠 Senior

🔴 Experte

⛑ DevOps- und Site Reliability Engineer (SRE)

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

New Charter Technologies

WebsiteLinkedInAlle Stellen

501 - 1000 Mitarbeiter

Gegründet 2018

🔒 Cybersecurity

IT Managed Services • Cybersecurity • Healthcare

New Charter Technologies ist eine führende Plattform, die sich aus leistungsstarken Managed Service Providern (MSPs) in ganz Nordamerika zusammensetzt und sich auf IT-Lösungen für kleine und mittelständische Unternehmen spezialisiert hat. Sie bieten ein umfassendes Spektrum an Dienstleistungen, darunter IT-Managed Services, Co-Managed IT, Beratung, Outsourcing und fortschrittliche Cybersicherheit. Ihr Ziel ist es, die IT-Bedürfnisse der Kunden von einem notwendigen Aufwand in einen strategischen Vorteil zu verwandeln, indem moderne Technologie und persönlicher Service genutzt werden, um die Produktivität und Innovation im Unternehmen zu steigern.

Beschreibung

• Serve as the primary security resource for engineering teams in direct close coordination with information security teams, advising on design decisions, authentication patterns, and API security as features are built rather than after the fact • Conduct lightweight, developer-friendly threat modeling for new features and services, right-sized to the actual audience and risk profile (internal vs. public-facing) • Lead collaboration between engineering and information security teams through architecture and code reviews with actionable, specific guidance that helps teams ship, not slow down • Responsible for remediation and enforcement of security standards as set forth by the information security team • Define and maintain a tiered security standard that distinguishes expectations for internal tooling vs. production SaaS vs. public-facing products • Engage constructively with the enterprise security organization, translating between compliance and governance language and the engineering team's operational reality • Responsible for adherence to GitHub Advanced Security (GHAS) configuration and security standards through ongoing tuning across code scanning, secret scanning, Dependabot, and security campaigns within GitHub Enterprise • Integrate security tooling into CI/CD pipelines as policy-as-code feedback loops, not manual gates • Develop and maintain GitHub Actions workflows with reusable, security-enforcing components • Drive remediation velocity metrics and coverage reporting across engineering teams • Collaborate with information security teams to assess and secure workloads across both Cloudflare and Azure, including Cloudflare Workers, Access policies, WAF, and Zero Trust for public-facing infrastructure, and Azure security controls (Managed Identities, Key Vault, Defender, IAM) for internal and opco-facing services • Apply platform-appropriate security controls as our architecture spans both environments, calibrating to the risk profile of each workload • Evaluate and harden authentication flows, API security patterns, and service-to-service trust boundaries across Cloudflare and Azure environments • Contribute to container and cloud workload security as infrastructure patterns evolve • Contribute to internal security tooling, automation, and integrations using Python and/or Go • Build security utilities such as vulnerability aggregation pipelines, policy enforcement tooling, or developer-facing security dashboards • Collaborate with information security and engineering teams on secure service design patterns, OAuth 2.0/OIDC flows, and API security controls • Support SOC 2 readiness as the product matures toward public customers, mapping application security controls to Trust Services Criteria • Triage and prioritize vulnerability findings based on actual business risk rather than CVSS scores alone, distinguishing real issues from noise in a SaaS-native environment • Partner with GRC and the enterprise security organization on evidence collection and audit preparation, without allowing compliance prep to dominate engineering time.

🎯 Anforderungen

• 7+ years in application security, secure software development, or a closely related discipline • Demonstrated ability to operate as an embedded security partner within engineering, working side by side with developers • Deep, hands-on experience with GitHub Advanced Security or equivalent security tooling, including code scanning, secret scanning, Dependabot, and security policy enforcement within GitHub Enterprise • Experience with threat modeling methodologies (STRIDE, PASTA, or similar) applied to real-world systems, with instinct for right-sizing the process to actual risk • Proficiency in Python and/or Go, comfortable reading, writing, and reviewing production-grade code • Strong command of OWASP Top 10, common vulnerability classes, and secure design principles • Experience securing SaaS or product engineering workloads rather than enterprise IT or perimeter-focused environments • Experience securing workloads on Cloudflare (WAF, Access, Zero Trust, Workers) and Microsoft Azure (IAM, Managed Identities, Key Vault, Defender), with demonstrated depth in one and working familiarity in the other • Solid understanding of container security concepts with hands-on Docker experience • Excellent communication skills, with the ability to translate complex security risk into developer-actionable guidance and executive-level business context • Familiarity with SOC 2 Trust Services Criteria and how application security controls map to compliance requirements.

🏖️ Vorteile

• Growth and learning initiatives • Employee benefits • Company innovation